Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab (www.cbc.ca)
Matthew Braga, reporting for CBC: Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign. And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes. Internet filtering equipment sold by technology company Sandvine -- founded in Waterloo, Ont. -- is believed to have played a significant part in both.
That's according to new research from the University of Toronto's Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it's likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads. Using network-filtering devices to sneak spyware onto targets' computers "has long been the stuff of legends" according to the report -- a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed. Citizen Lab notes that targeted users in Turkey and Syria who attempted to download Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. It adds: This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive's Download.com (a platform featured by CNET to download software) were instead redirected to versions containing spyware. Download.com does not appear to support HTTPS despite purporting to offer "secure download" links.
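The weakness described above (an HTTPS site handing the download off to a plain-HTTP URL, where an on-path device can answer with its own redirect) can be checked for from the downloader's side. The following is an added example, not code from the Citizen Lab report or the CBC article; the hostnames, the recorded redirect chain, the installer bytes and the "published" hash are all constructed.

```python
import hashlib
import hmac
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def audit_chain(start_url, hops):
    """hops: (status, Location header) pairs recorded while following
    redirects from start_url. Returns (final_url, findings)."""
    findings = []
    url = start_url
    if urlsplit(url).scheme != "https":
        findings.append(("plaintext-request", url))
    for status, location in hops:
        if status not in REDIRECTS or not location:
            break  # final response reached
        nxt = urljoin(url, location)  # resolve relative Location values
        cur, new = urlsplit(url), urlsplit(nxt)
        if cur.scheme == "https" and new.scheme != "https":
            findings.append(("https-downgrade", nxt))
        elif new.scheme != "https":
            findings.append(("plaintext-request", nxt))
        if cur.scheme != "https" and cur.hostname != new.hostname:
            # This redirect arrived over plaintext, so nothing proves the
            # real server sent it rather than a device on the path.
            findings.append(("unauthenticated-host-change", nxt))
        url = nxt
    return url, findings

def verify_download(data, expected_sha256_hex):
    """Compare the file's SHA-256 with a hash obtained over HTTPS."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex.lower())

# Constructed sample: HTTPS landing page, plain-HTTP download, then a
# redirect to a different host (documentation-range IP address).
SAMPLE_START = "https://vendor.example/download"
SAMPLE_HOPS = [
    (302, "http://cdn.vendor.example/setup.exe"),
    (307, "http://198.51.100.7/setup.exe"),
    (200, None),
]
SAMPLE_INSTALLER = b"constructed installer bytes"
# Stand-in for the hash a vendor would publish on an HTTPS page.
PUBLISHED_SHA256 = hashlib.sha256(SAMPLE_INSTALLER).hexdigest()

if __name__ == "__main__":
    final, found = audit_chain(SAMPLE_START, SAMPLE_HOPS)
    print(final)
    for kind, where in found:
        print(kind, where)
    print(verify_download(SAMPLE_INSTALLER, PUBLISHED_SHA256))
```

The hash check only helps when the expected value comes from a channel the on-path device cannot rewrite; a checksum fetched over the same plain-HTTP connection proves nothing.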
The many joys... (Score:4, Informative)
Re: (Score:2)
Re: (Score:1)
Re:The many joys... (Score:4)
It's not a binary. America certainly isn't the utopia of freedom and democracy that many citizens claim it to be - but it's still far, far better than Turkey. In America, questioning the whims of the ruling class probably isn't going to achieve much - but it isn't going to result in your mysteriously disappearing one day either. There have been a number of reports in the last year of that happening in Turkey.
My mates think me daft... (Score:1, Insightful)
however, I never download anything without vetting what I've downloaded, either by dint of checking the checksum or emailing the developer should I think something is dodgy. Having worked in IT security for many years, I know what dangers lurk out there. I do the same for my iPhone. I have never found myself wanting an app that Apple has not included. I don't do my banking on my mobile. Ever. I live close enough to the city centre where I can simply visit my bank should I need to do so. And, what with the t
Re: (Score:2)
I take many similar precautions, but not all. (I have some utilities on my iPhone and will purchase on my credit card through it, but I don't do banking on it.)
One thing I also do is distrust certain certificates; generally those I recognize as having been issued by countries run by despots. For example, I'll personally never have a need for a secure connection to any site in Turkey. So why should I trust their national issuer, when their government could theoretically abuse it to issue certs valid for any
HTTPS all the things! (Score:5, Insightful)
Even seemingly irrelevant content. This day in (the WWW's) age gives no excuses beyond being too lazy to update legacy websites and platforms. It should be the default everywhere and there should be a GOOD reason to transfer anything unencrypted.
Scumbags (Score:5, Insightful)
Re: (Score:1)
Re:Scumbags (Score:5, Informative)
Possibly.
Many of the newer DPI and PCEF engines are quite flexible, and can be configured by the customer (ISP/MNO/MVNO). The functionality is neutral and can be used for benign purposes (e.g. redirect to top-up pages) or malign purposes (replacing a download). Sandvine is not the only vendor of such equipment - there's also Cisco, Allot, Huawei, ZTE, Procera, Alcatel, ...
The article doesn't indicate if Sandvine helped with it or if it was done by the Turkish telco themselves. Given Sandvine's history with the Comcast BitTorrent connection reset years ago, I wouldn't be surprised if Sandvine helped, or implemented specific features to facilitate the stuff in Turkey.
Re: (Score:2)
The Capitalists Will Sell Us the Rope with Which We Will Hang Them [quoteinvestigator.com]
European Union (Score:3)
It's becoming increasingly clear that no Turk living today will ever see their dream of someday joining the EU realized in their lifetime.
Turkey is another perfect example of collective gullibility, where a majority democratically and freely chose a leader because they were clueless enough to actually believe him when he told them he would respect democracy and freedom once in power.
Frankly, I'm getting sick and tired of seeing country after country falling for the same old crap that's been going on for millennia time and time again. A supposedly intelligent species that simply cannot learn from the mistakes of its past and repeats them again and again and again is a textbook example of an evolutionary dead-end.